Posted by samzenpus on Monday November 14, 2011 @12:12AM from the taking-a-closer-look dept.

angry tapir writes "Wrapped in the code the Duqu worm uses to infect computers is the message: 'Copyright (c) 2003 Showtime Inc. All rights reserved. DexterRegularDexter.' An analysis of the worm has also revealed that Duqu, which is similar to Stuxnet and may even have been written by the same developers, may be four years old and that it generally tries to steal information on Wednesdays."

What's a victim's identity got to do with the source or object code of a program? Zilch! Whoever has access to it should take an example from the CCC, who were pretty open about the content of the Trojans they found.

The evidence points to a high level of sophistication. "The exploit used to infect victims with Duqu is incredibly well written, beautiful in a sense," Raiu said. "The Duqu authors are top-class exploit writers."

If I were the author(s) of this piece of malware, I'd get a real warm fuzzy feeling reading those words. So they're skillful. But they're also destructive jerks—yet the author of the piece has nothing to say about their character. Heck, they're celebrities, and that's all that matters any more.

Of course they're good. There is big money in writing malware; the nerd-lords of cybercrime can afford to hire the very best coders, and keep them knee-deep in twinkie wrappers. It's not script kiddies anymore (except those who are just practicing to get a real job writing serious malware, or maybe demonstrating the appropriate skills for potential employers); this is a profession now. Given the absence of any sense of morality among the most intelligent of our young people, money buys all the talent the criminals need. But these guys will work for anybody who has money. The TLAs of the government, for instance. Or non-governmental agencies with an interest in destruction. There is nothing more dangerous than smart people without a moral compass.

Sort of reminds me of Oppenheimer's comment about H-bomb technology as being "technically sweet".

The Invisible Hand of the Free Market is obviously ensuring that the best and brightest aren't under corporate control. The Russian Mafia is bad enough. Can you imagine if Monsanto got hold of some real programmers?

The general moral principle making the distinction here is the "no personal stake" rule. From the Bible, the established principle is that almost any crime (but specifically stealing and killing) is forgivable under the following condition: the perpetrator cannot have any stake, either financially, socially, politically, or whatever, in the crime, and there is no reasonable option to avoid the crime.

This is how e.g. police authority works in the western world: a police officer is paid to stand between per

this is a profession now. Given the absence of any sense of morality among the most intelligent of our young people, money buys all the talent the criminals need. But these guys will work for anybody who has money. The TLAs of the government, for instance.

You treat this like it is evil, and also make the reasonable assumption that a TLA of some government is behind this. I don't see how those go together really, unless you think it is evil for a person to support his country. How is this any different from a person paid to operate a submarine, bomber, or tank? It looks the same to me.

I differentiate between America and the Homeland. I am a loyal patriotic American citizen; I support the Constitution, and insist that the government observe that document to the letter. As the regime currently in power in Washington has, on numerous occasions, chosen to act in flagrant disregard for the Constitution, citing as its reason the requirements of "Homeland security", I conclude that this regime—or at least parts of it—does not serve America, but is loyal to this newly created entity

Its mathematical equivalent is to demand cooperation in the prisoner's dilemma, yet fail to cooperate yourself. It is inherently destructive behavior which will end once the default switches. When, by default, people refuse to help each other, atheism will wither and die. And every "convert" to atheism brings that day closer.

The US and Israel have been convicted of releasing that malware without any proof, but that has become SOP all over the world. The US and Israel get blamed for everything that goes wrong in the world. Usually without a single piece of evidence to support the accusations. The "International Community" should not really be surprised when both the US and Israel give them the finger and recommend they fuck off and take care of their own problems for once.

To be fair, it's hard to dispute that it wasn't Israeli code with significant US assistance. But I haven't really seen anybody "convicting" them over it.

I thought Stuxnet was a master stroke. Disrupt someone's nuclear capability as effectively as bombing, but without any collateral damage and covertly enough that they can't link it to you solidly enough to consider it an act of war.

"hard to dispute"
Why? What magical insight do you possess that can support this opinion? By the time the phrase "hard to dispute" multiplies and mutates across the Internet millions of times, people start thinking of it as a factual statement when it was only someone's unsupported opinion. The Internet was supposed to be this great medium for spreading information, but instead it's turned into the biggest bullshit spreader ever invented. There is no "true and false" or "right and wrong" anymore; there is only

In May 2011, the PBS program Need To Know cited a statement by Gary Samore, White House Coordinator for Arms Control and Weapons of Mass Destruction, in which he said, "we're glad they [the Iranians] are having trouble with their centrifuge machine and that we – the US and its allies – are doing everything we can to make sure that we complicate matters for them", offering "winking acknowledgement" of US involvement in Stuxnet. According to the British Daily Telegraph, a showreel that was played

I have no doubt there were nation-state security agencies involved. Groups like Anonymous or Lulz don't even come close to having the capabilities to do something like this. To build and deploy Stuxnet required in-depth knowledge of the PLC systems and centrifuge technical data, 2 valid security certs that were stolen from 2 different companies located in Japan, physical access to get the memory stick into a very secure environment, 2 0-day exploits, and very sophisticated engineers and programmers. The fac

Well, I did claim significant amounts of money were required for this project. And if any corporation was involved, I doubt the plan was presented to the board of directors for a vote. It only takes one person to breach corporate internal security and gain access to any information they need. This is where the money can make the biggest difference.

Usually commercial corporations and most non-security related government agencies rely on simple but thorough background checks to fulfill their due diligence when it comes to security. But that doesn't mean a person with a squeaky clean background and high level security clearance won't change their mind for the right amount of money.
I still find internal corporate security measures weak and practically useless for a determined person. There are only a very small handful of corporations I have worked for

Given the absence of any sense of morality among the most intelligent of our young people, money buys all the talent the criminals need. But these guys will work for anybody who has money. The TLAs of the government, for instance. Or non-governmental agencies with an interest in destruction. There is nothing more dangerous than smart people without a moral compass.

I'd noticed that too. Religion was once the source of our moral compass, but it is thoroughly discredited now, and no replacement has risen to the task. Leftism sort of tried with various Collectivist / Utilitarian approaches, but was doomed to fail by its Skepticist "No one can be certain of anything" ideological foundation.

Evolution hasn't prepared us for the post-religion era.

I have to disagree with what you say; I don't think that religion is a necessary prerequisite for morality. The relation between morality and religion is a complex one, and difficult to untangle—particularly because some religions, such as the Judaic and Muslim—have taken great pains to impose a legal code on their followers. This has led to the confused notion that you can't be good without also being religious, something that would be quite frightening if it were true. Consider the number of a

I'd noticed that too. Religion was once the source of our moral compass, but it is thoroughly discredited now, and no replacement has risen to the task. Leftism sort of tried with various Collectivist / Utilitarian approaches, but was doomed to fail by its Skepticist "No one can be certain of anything" ideological foundation.

Evolution hasn't prepared us for the post-religion era.

I have to disagree with what you say; I don't think that religion is a necessary prerequisite for morality. The relation between morality and religion is a complex one, and difficult to untangle—particularly because some religions, such as the Judaic and Muslim—have taken great pains to impose a legal code on their followers. [...]

I never said otherwise... and reading your well-thought-out post, I see we already think alike on this subject.

I am one of those Camus-style thinkers who, on seeing that in our world "All is permitted" (Camus quoting Machiavelli), develops a moral code and takes it seriously, even though "in reason, there is no reason to", as they say.

I don't think that developing a new moral code is either helpful or necessary; I'm not even convinced that it's possible. I don't think that our problem is a lack of moral rules, nor that it can be solved by philosophers sitting around and thinking up better ones. I fear that our society has simply become one in which evil is tolerated and encouraged, and where the things that are valued are, in fact, worthless. To cite just one relatively trivial example, the adulation of "celebrities" is foolish and mor

"The Duqu gang has an affinity for Wednesdays," Raiu said. "They have repeatedly attempted to steal information from these systems on Wednesdays. This probably indicates a strong routine, almost military type."

Via email attachments?? Please - Nowadays, you'd have to be an UTTER CHUMP to fall for that "old trick"..........

Are you kidding me? While I agree that most people reading /. wouldn't fall for that trick, I can assure you that in the company I work in (multinational retailer, I work in their head office) nine out of ten people wouldn't hesitate to open a Word attachment from someone they didn't know. Actually, I think the ratio may well be higher.

Now, it's being called "beautiful" in its interior code work, & it very well MAY BE quite elegant but... its delivery mechanism is "2nd rate", imo @ least.

Actually, I would disagree with that. Just because there are nicer ways to do it, doesn't mean that you need to use them. If you can send a single .doc attachment to a user within an organisation to get into it, why isn't that a perfect way to do it? There isn't anything wrong with spearphishing. To use the car analogy, if you want to get to your letterbox, there isn't any point in driving a supercar to get to it - just walk from the front door.

However, in this application it serves its purpose, obfuscation, hiding criminally professionally paranoid uses of the Stuxnet virus past, present and very likely future, or at the least future discoveries. Likely some supposed pretend allies have been stuck with variants of the Stuxnet virus and the original perpetrators are trying to hide their digital stab in the back of their would-be partners.

Well, then it's sort of your "civic responsibility" to EDUCATE said "chumps/noobs" vs. this type of threat.

I agree, and I try to educate as many people as I can on as much as I can, and hope that the majority of /. users would, but most of my time is spent teaching people to run analysis, or how to write some basic SQL so that our IT folks aren't being constantly hounded by ad-hoc requests, but most of all I try to teach people to think for themselves and look at a business from a scientific approach. That said, our business has over 4,000 employees just at head office and a further 200,000 throughout the business,

This is not a Word macro. It's not even a Word bug. It's a font rendering bug IN THE KERNEL that can be triggered by anything that lets you embed a custom font. Web pages can contain custom fonts. PDF files can contain custom fonts.
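Since the infection vector described above is a custom font embedded in an otherwise ordinary document, a defender-side triage step is to flag files that carry embedded sfnt/TrueType font directories at all. The scanner below is an added example, not code from this thread or from any vendor; the `build_font` helper and `SAMPLE` blob are constructed here, and it assumes the font is stored raw (Office formats that compress or obfuscate embedded fonts would need decoding first).

```python
import struct

# Byte signatures that start an sfnt-wrapped font (TrueType / OpenType).
SFNT_MAGICS = (b"\x00\x01\x00\x00", b"true", b"OTTO")

def parse_table_directory(data: bytes, pos: int):
    """Return the table tags of a plausible sfnt directory at data[pos], else None."""
    if pos + 12 > len(data):
        return None
    num_tables = struct.unpack_from(">H", data, pos + 4)[0]
    if not 1 <= num_tables <= 64:            # real fonts carry a handful of tables
        return None
    tags = []
    for i in range(num_tables):
        rec = pos + 12 + 16 * i
        if rec + 16 > len(data):             # directory runs past end of file
            return None
        tag, _chk, offset, length = struct.unpack_from(">4sIII", data, rec)
        if not all(0x20 <= b < 0x7F for b in tag):   # tags are printable ASCII
            return None
        if pos + offset + length > len(data):        # table data must fit in the blob
            return None
        tags.append(tag.decode("ascii"))
    return tags

def find_embedded_fonts(data: bytes):
    """Scan any byte blob (document, PDF, mail attachment) for embedded font
    directories; returns a sorted list of (offset, [table tags])."""
    found = []
    for magic in SFNT_MAGICS:
        start = 0
        while (pos := data.find(magic, start)) != -1:
            start = pos + 1
            tags = parse_table_directory(data, pos)
            if tags:
                found.append((pos, tags))
    return sorted(found)

def build_font(tags):
    """Constructed sample: minimal sfnt blob with one 4-byte table per tag."""
    n = len(tags)
    header = b"\x00\x01\x00\x00" + struct.pack(">HHHH", n, 0, 0, 0)
    body = 12 + 16 * n
    directory = b"".join(struct.pack(">4sIII", t.encode(), 0, body + 4 * i, 4)
                         for i, t in enumerate(tags))
    return header + directory + b"\x00" * (4 * n)

# Constructed "document": filler, one embedded font, a stray magic, more filler.
SAMPLE = (b"\x00" * 40 + build_font(["cmap", "glyf", "head", "hmtx"])
          + b"true\xff\xff" + b"A" * 30)
```

A hit means the file embeds a font and deserves a closer look or quarantine; the stray `true` magic with an absurd table count shows why the sanity checks matter.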

Oh, they also have a properly signed driver, and they disable antivirus/antimalware.

YES - That stalls it dead, & iirc, it's been PATCHED already as of last Tuesday's "MS Patch Tuesday", every 2nd tuesday of the month...

no, it has not... they released a "temporary fix" (besides, it was qualified as a "workaround", not sure whether it means "a fix that will last a few days before we need another one" or not), but not in time to be included in November's "MS Patch Tuesday". Guess it will be for next month...

P.S.=> How is it working then, if it is NOT exploiting using macros? Wouldn't matter though - the patch via FIX IT exists, and again - I do believe it's been patched LAST WEEK in fact, per MS "patch tuesday" that just passed

no, it has not, do your homework

Besides, if it is not too much to ask, could you STOP SCREAMING (please ?)

No, it has not been patched in last Tuesday's "MS Patch Tuesday" (although a temporary fix indeed exists, which I didn't deny in any way, on the contrary), you might want to check that before SCREAMING it to the world. As for the macro thing, I've read (and apparently many others that answered you) that it's a problem with the TrueType font parsing engine (which you would have read too if you had done your homework ages ago, that is some googling on microsoft's

I never said you were lying or anything like it, I just pointed out that your "belief"/"iirc" was wrong. Which it is. Don't feel insulted or trolled, I'm not insulting/trolling you, I'm just stating a fact.

Also I never denied that you figured out an easy way to remove this rootkit and others. Again I don't know where you read in my post that I implied so...

besides, since it seems that you're a bit too young to know that, "screaming" here actually means

I never understood why old people gave up on the desire to change things for the better. While I still think this is generally true the 12 year old here makes something clear. You can't win every argument alone with an abundance of facts. Clear and concise wins every time if you are going to convince others they or some other party is wrong. I question the value or significance of hosts files in any serious way when used large scale. As a minority user they can have a positive impact on your browsing experi

Oh please! You think Linux is a magical woobie that scares away the hackers? Did you forget kernel.org got hacked not too long ago? Or the KDE-look malware, the Q3 malware that was hosted for SIX MONTHS on a major repo for anybody who caught it, that nasty Debian bug a year and a half ago, hell, I could go on all day.

And Antivirus DOES work if you actually have a decent one like Avast or Comodo. I honestly haven't seen a bug in ANY of my returning customers that they didn't install on purpose, in fact the only bu

Oh no. My wall of text comment was of two purposes. One to point out that you posted a giant wall of text. I was mocking your format not the content. I didn't bother to read it. Second point was to see if I could look more inane than you. I don't think I did.

Also, how in the world did you come up with all that text in 15 minutes?! I am astounded, alarmed and slightly impressed. I didn't read it or anything but that is a long chunk of text!